We are anonymous, we are legion

26th AMIC Annual Conference – India 2018

Admin — 2018-06-26T01:58:28Z

The 26th AMIC annual conference on the theme Disturbing Asian Millennials: Some Creative Responses was organized by Manipal Academy of Higher Education (MAHE) at Fortune Inn Valley View, Manipal in Karnataka from June 7 - 9, 2018. Swaraj Paul Barooah was a speaker.

Read the agenda and other details here An article announcing the event by Kevin Mendonsa was published in the Times of India on June 5, 2018.

Understanding the Asia Pacific Millennials

Millennials, the 16‐34 year‐olds, make up the majority of the total population of many Asia Pacific countries. It is estimated that there are about 606 million millennials in the Asia‐Pacific region.

While millennials make up a homogenous group in terms of age cluster, they can be categorized as either non‐affluent or affluent with the latter outnumbering as they account for 82 percent of all millennials in the region.[1]

Another reality is that these millennials are located in a geographically and culturally diverse setting.

Current and emerging socioeconomic and political realities are “disturbing” the millennials just as they have the capacity to disturb society.

Globalization, migration, and technology are some of the major factors that are redefining millennials way of life. They are digital natives who do not only “consume” media but prefer creating their own content. Technology (read: smart mobiles) is not a tool but the air they breathe. Social networking is an essential prerequisite to be connected. A major fear is to be a FOLO – Fear of Life Offline. Erstwhile, fear was to be a FOMO – Fear of Missing Out.

Preserving the status quo or being a mere passive spectator is out of the question as their lifestyle and work style is ruled by engagement, creativity, innovation, and change.

Millennials are into multitasking for several reasons but primarily to earn as much from as many revenue sources to be able to purchase their wants (and needs). Multitasking is also a means for creative expression –which they have plenty. From multitasking, they are now evolving into being multi‐hyphenate, e.g., a young professional writer, artist, and entrepreneur rolled into one.

How do millennials disturb society? Their being independent (if not self‐absorbed or “me culture”) makes them in‐charge of their future. They demand new careers (or even create their own) as they find many existing disciplines and professions as very traditional. The competencies earned in school are mere inputs to redesigning new careers. The school is just one of the many learning hubs.

Disturbing does not refer only to a negative disruption but also to a movement needed to rebuild a broken or unsettled society. We must disrupt in order to rebuild!

Are we disturbing our millennials giving them the environment conducive to change? Or are we just distracting them from releasing their energy?

We are “distracting” our millennials if we insist on enforcing inflexible rules, offering traditional (read: archaic) programs, setting or measuring standards and practices based on obsolete measures, feeding them with alternative truths (facts), and not giving value to arts and humanities (which has found renewal among our young people).

True to form, millennials can initiate and lead if the existing systems are unable to “deliver” what are needed to rebuild a society they envision.

Disturbing Asian Millennials: Some Creative Responses will examine the disruptions affecting our millennials and how these young people are creatively responding to or coping with disruptive changes and challenges. The conference will also crowdsource from them ideas and strategies in creating and building an alternative or desired Asian community.

Forum Objectives

The forum provides a platform to achieve the following:

Understand the millennial mindset and behavior especially their career goals and plans;

Describe the unique communication behaviors, patterns, and tools of millennials andthe messages which resonate to them

Share lessons and experiences on how millennials creatively and critically respond todisruptions;

Examine communication strategies which work for the young generation; and

Crowdsource recommendations from millennials on what constitutes an ideal advancedcommunication program highlighting 21st century competencies and skills.

For more details visit https://cis-india.org/internet-governance/26th-amic-annual-conference-2013-india-2018

Police to counter fake news on WhatsApp

Admin — 2018-06-26T01:45:20Z

State police across Karnataka, Assam, Telangana and Kerala are designing social media campaigns as an antidote to fake news on messaging apps like WhatsApp following claims that these platforms have been used to incite violence across several locations in recent weeks.

The article by Nilesh Christopher and Naveen Menezes was published in the Times of India on June 14, 2018. Pranesh Prakash was quoted. Also see the story on Economic Times here.

Alarmed by the rising incidence of attacks on individuals as a result of rumours spread by users of the app — owned by social network Facebook — law enforcement authorities across several states are intensifying community policing using the same platforms.

Bengaluru police commissioner T Suneel Kumar said the department is creating awareness about #FakeRumourOnChildKidnappers on social media as well as by distributing pamphlets across the city. “We have not written to either Facebook or WhatsApp as they would take their own time to respond. Instead, we have alerted our police personnel to be aware of repetition and are reaching out to people through different means,” he told ET.

Last month, a mob lynched a man in a Bengaluru locality suspecting him to be a child abductor.

SPECIAL POLICE TEAMS FORMED
This was preceded by widely circulated videos on WhatsApp warning people about kidnappers being on the prowl in the city. Police arrested 25 people including four women and a minor in connection with the case.

Incidents of lynching have also been reported across Assam, Telangana, Tamil Nadu and Kerala, where fake news and videos about suspected child abductors distributed on WhatsApp caused alarm among villagers.

In Assam, over a dozen people have been arrested after a mob lynched two youngsters last week suspecting them to be child kidnappers. “We are monitoring social media and have chalked out counter strategies to ensure fake messages are not spread. The department also interacts with the public constantly,” DS Chauhan, Additional Commissioner of Police (Law and Order), Hyderabad City, told ET.

“I do not have the details on whether anyone is arrested for spreading fake messages. It’s difficult to trace who started the rumours,” he said.

In response to ET’s queries, a WhatsApp spokesperson said, “The privacy and security of our users is very important to WhatsApp. We've made it easy to block any phone number or report spam and we encourage people to report problematic messages so that we can take action. We’re also stepping up our education efforts so that people know about our safety features, as well as how to spot fake news or hoaxes on WhatsApp.”

In Telangana and Assam, special police teams have been formed to monitor social media and to track fake messages and prepare a counter response.

“In a week we get at least three calls of WhatsApp rumours causing unrest in various locations”, said an officer from the cybercrime branch of the Kerala Police.

“We have given them (people) directions to start counter propaganda immediately, and we are assisting them in dispelling the rumour. We try to identify the administrator of the (WhatsApp) group that is used to spread rumours,” said the officer. He said the social messaging app has, so far, not cooperated with the police on these efforts.

ANALYSTS DIVIDED
Cyber security analysts are divided on whether more can be done by social media platforms to counter the rising threat of fake news on these platforms. “This is clearly a case of a platform like WhatsApp (owned by Facebook) not doing enough. Just because WhatsApp is end-to-end encrypted it does not mean their hands are tied,” said Pranesh Prakash, a fellow at the Centre for Internet and Society, a policy advocacy group.

“The WhatsApp application is linked to a mobile number, the platform has access to trace the individual who spread rumours,” said Prakash. They (social media networks) can “remind or signal to users about the terms of services when anyone spreads rumours,” he added.

India has the largest user base for both WhatsApp and Facebook with over 240 million people accessing the platform. WhatsApp is also testing a digital payment system using the homegrown UPI network in the country.

On the other hand, Apar Gupta, cofounder of Internet Freedom Foundation (IFF), reckons the danger from rumours that spread on WhatsApp is not just a technology issue but also a societal one.

“Looking to decrease privacy in these platforms as a solution to curb fake news, or introducing a pre-screening mechanism to check every message that is sent is not a credible solution,” he said.

To be sure, WhatsApp is testing a new feature wherein messages that are forwarded carry the tagline saying ‘forwarded as received’ alerting users that it is not an original creation but just a forward. The feature has not been rolled to all users in India.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp

'Full belief in fake texts shows cops not trusted'

Admin — 2018-06-26T01:21:04Z

Nilotpal Basu and Abhijeet Nath, an audio engineer and digital artiste, were beaten to death in Assam's Karbi Anglong last week based on rumours that they were kidnappers.

The article was published in the Times of India on June 18, 2018. Pranesh Prakash was quoted. Inputs from Kim Arora.

A manipulated WhatsApp video is said to be the source of the panic. While it is just the medium and not the reason behind the killings, WhatsApp, with its 250-million users in India, allows rumours to travel farther than ever before. "In many non-urban areas, such WhatsApp videos are the first form in which people encounter the internet on their phones. They don't always go online and verify them," says Jency Jacob, who runs the fact checking outlet Boom. This gullibility can't be explained just by class or education, he says. "Technology makes it easy to believe what you want to believe and spread it," says Jacob.

The spread of internet gives wings to rumours in pockets where kidnappings are a real fear. The states where lynchings have been reported are also among those with high figures for child abductions. Technology has helped rumours travel greater distances with greater impunity, says Pranesh Prakash, fellow at Centre for Internet and Society, recalling that child abduction rumours led to a lynching in Tamil Nadu in 2015 too, but this time, "such rumours have spread all over South India". And as the Karbi Anglong killings show, to Assam as well.

WhatsApp being an encrypted platform, police cannot trace the source of the rumourmongering. WhatsApp did not respond to TOI's queries on tracing origins of hate messages, but a spokesperson shared a statement saying they "block automated messages" and are educating people about spotting fake news and hoaxes.

In many cases, law enforcement has failed at a more basic level. Child abduction is a disturbing rumour, designed to provoke an emotional reaction, but other anxieties are at work too. "Rumours tend to escalate when there is a lack of official information, and clearly many feel what happens to them and their children does not get attention at higher levels," says sociologist Dipankar Gupta. It also points to a collapse in the state's credibility, he says. So, Gupta says, "there is no seeking of justice, only reprisal."

For more details visit https://cis-india.org/internet-governance/news/times-of-india-june-18-2018-full-belief-in-fake-texts-shows-cops-not-trusted

Jindal varsity's international affairs students shine in job market

Admin — 2018-06-26T01:06:11Z

Turning a common perception on its head, international affairs students of O.P. Jindal Global University here have shown that pursuing a so-called "conventional" course can also open several doors of recruitment including in multinational companies, think tanks and international NGOs.

The article was published in Economic Times on June 19, 2018.

This year, Indian Political Action Committee (I-PAC), Care India and Development Alternatives led the recruitment for the students of the Jindal School of International Affairs (JSIA), the university said in a statement on Monday.

The corporate and non-profit institutions which recruited JSIA's students include KPMG, Grant Thornton, Justice and Care, Deloitte, CREA, ESSAR Foundation, CRY, Godrej Culture Lab, Akshaya Patra Foundation, Atma Foundation, Sattva Consulting, The Centre for Internet and Society, and Global Trust.

"In the past, the study of international affairs was seen as leading only to civil service jobs or higher education ending in academic jobs," said C. Raj Kumar, Vice Chancellor, O.P. Jindal Global University.

"JSIA has diversified the field significantly and showed the path to a variety of full-time positions for its graduating students," he added.

JSIA combines the scholarly weights of three inter-related disciplines -- international relations, international law and international business.

"We expect several domestic and international non-profit and for-profit entities to hire from our future graduating batch as several organisations have signed Memorandum of Understanding (MoUs) with our university for offering internships to our students," Sreeram Chaulia, Dean of JSIA.

More than 40 organisations have led JSIA to achieve 95 per cent internship placements in diversified fields this year, the statement said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-june-19-2018-jindal-varsitys-international-affairs-students-shine-in-job-market

Data Privacy: Footprints on the Web

Admin — 2018-06-25T16:48:34Z

Technology has made data protection a hot button issue. Now, a group of eminent citizens, mostly lawyers, have formulated a draft privacy bill, a legal framework that protects the individual’s right to privacy, but it faces legal jurisdiction issues

The blog post by Sujit Bhar was published in IndiaLegal on June 21, 2018.

Lack of data privacy is a modern day peril. Quite like the individual’s right to privacy—one that has been raised to the level of a Fundamental Right by the Supreme Court—data privacy today is prime, because technology has made our lives fully dependant on associated data. Hence, by extension of the same logic and arguments that the top court used for personal privacy, data privacy should be protected.

The methodology to be adopted, though, is not as easy to determine given the lack of legislation in the field, the improbability of existing technology to ensure complete privacy and because of legal jurisdiction issues.

Also, to what extent data privacy can and should be allowed is a legal argument that needs to be supported by other fields of knowledge. The Supreme Court decision to award privacy as a Fundamental Right will act as a plinth in determining this.

To that end a group of eminent citizens, mostly lawyers, came together and formulated a draft privacy bill with the objective of slicing through banal arguments that would ensue if this was to wait for public re-reference/debate.

The proponents—Apar Gupta, Gautam Bhatia, Kritika Bhardwaj, Maansi Verma, Naman M Aggarwal, Praavita Kashyap, Prasanna S, Raman Jit Singh Chima, Ujwala Uppaluri and Vrinda Bhandari—have tried to develop their own privacy bill, based on the foundation of the Privacy (Protection) Bill, 2013, “which was drafted over a series of roundtables and inputs conducted by the Centre for Internet and Society, Bangalore”.

In doing so the group started from what it calls “seven privacy principles”, derived from various constitutional and expert texts.

Principle 1: Individual rights are at the centre of privacy and data protection.

This says that “the individual and her rights are primary. The law on privacy must empower you by advancing your right to privacy…”including “your right to autonomy and dignity.

Principle 2: A data protection law must be based on privacy principles.

Here reference is made to the report of the Justice AP Shah Committee of Experts. It’s a method that has been left flexible, to accommodate fast developing technology. There is a reference to Moore’s Law in this. Moore’s Law has remained one of the most overwhelmingly true laws of the IT industry. Originating in 1970, it says that processor speeds, or overall processing power for computers “will double every two years”. While that has remained true till now, with the development of multiple core processors, this law too has seemingly run its course. With the world changing at such a fast pace, if the data privacy bill/law does not remain flexible, it would also be quickly consigned to a museum of laws. Hence this flexible approach will be crucial.

Principle 3: A strong privacy commission must be created to enforce the privacy principles.

This is the part of establishing an oversight authority, “a strong body to ensure that the data protection rights are put into practice and enforced”. This structure has been treated for something “that works in principle and in practice.”

There is one part that says that this proposed “Privacy Commission”, has been “provided wide powers of investigation, adjudication, rule-making and enforcement. The Commission should adopt an approach that builds accountability for the rights of users by having powers to impose penalties that are proportionate to the harm and build deterrence.” This, obviously, means that it will be stepping onto the toes of other laws and that would be a rough road to navigate. However, as the group’s own philosophy says that the problem with technology oriented legislation is that it takes catching up with the progress of technology. To overcome this, the group wants to “make sure that the Privacy Code is not outdated” and hence wants to make sure that the “Privacy Commission can exercise rule making powers to give effect to the data protection principles under the regulation”.

The other part of the philosophy is of acknowledging and addressing public complaints. Hence the legal rigidity of regular acts would be dismissed. How this can work with enforcement agencies, though, will remain a matter of debate. The draft bill says that the “Privacy Commission must serve as the forum for the redressal of the general public’s grievances”, and that “Privacy Commissions should have the ability to investigate (independently through the office of a Director General), hold hearings and pass orders with directions and fines”.

That could be legal nightmare, because unlike a simple code, the bill has to pass through parliament to become an act, and legislators are the ones who have final say in remodelling an existing law. How much power they would agree to delegate is anybody’s guess.

Of course, the draft also calls for the courts to welcome public opinion. There seems to be a slight hitch in the wording, which says that “…while the Privacy Commission serves as the forum for redressal, the public should retain the remedies of approaching the civil courts (even in instances where harm is suffered by a group of people) and of filing police complaints directly”. That questions even the oversight authority of the commission. There is another objective—a hope, one would say—that the Privacy Commission must have jurisdiction over the government, as it does over the private sector. The Privacy Commission should have overriding power and superintendence over all legal entities in matter of data protection and privacy”. While this sounds good on paper, the issue of national security can override all. At this point, according to a cyber security expert, there is talk within the Indian government on how to deal with the social media messaging app WhatsApp. Technically, as the company points out, messaging through an app is encrypted (military grade encryption, it is said) end-to-end. Hence terrorist groups have zeroed in on this as a common idea exchange platform. There could possibly be restrictive legislation on this. That could strike at the heart of data privacy.

The government’s reaction, though, could become counter-productive. This could be visible in what the Justice Srikrishna-led Committee of Experts possibly could recommend.

Principle 4: The government should respect user privacy. Technically, if this bill, in its current form, has to go through parliament, members of both houses should be willing to accept that it will have no snooping powers, ever. The way the government fought tooth and nail against personal privacy in court—and the Aadhaar verdict is still awaited—this proposal seems unlikely to have an easy passage. The draft says: “It is imperative that the government, its arms, bodies and programmes be compliant with the privacy protection principles through a data protection law.”

There is a caveat within this, saying: “We support the use of digital technologies for public benefit. However, they should not be privileged over fundamental rights.” The proposal also says: “The government is responsible for the delivery of many essential services to the public of India. These services must not be withheld from an individual, due to such individual not sharing data with the government. Withholding services on the pretext of requirement of collection of data effectively amounts to extortion of consent. Individuals cannot be forced to trade away their data and citizenship at the altar of being permitted to use government services and access legal entitlements on welfare.” This will have to wait its validation or dismissal through the Aadhaar verdict.

Principle 5: A complete privacy code comes with surveillance reform

This is another tricky issue for any government. It talks about how the Snowden revelations “brought to public knowledge that our personal data is collected in an indiscriminate manner by governments”. The draft calls this collection procedure “dragnet surveillance”, because it “contravenes the principles of necessity, proportionality and purpose limitation”. Necessity and proportionality have been argued in detail during the Aadhaar debate in court and till that verdict is out, it would, possibly, not be right to delve into this, though a recommendation for procedural safeguards might run into the same wall as in the case of encrypted software in social media apps. The draft accepts the possibility of “individual interception and surveillance”, but says “this should be severely limited in substance and practice through procedural safeguards”.

Principle 6: The right to information needs to be strengthened and protected

This basically refers to the Right to Information Act and seems completely justified, with Information Commissioners being “exempted from interference or control by the Privacy Commissioner”.

Principle 7: International protections and harmonisation to protect the open internet must be incorporated

Another contentious issue, being fuelled by the loss of face by Facebook in its effort to introduce graded access (with paywalls).

The group widens its scope in stating that “we need to be guided by the Supreme Court’s Right to Privacy decision and make reference to the European Union’s General Data Protection Regulation”. More interestingly, the group admits that every law will have certain exceptions. It says: “…but without clear wording sometimes exceptions swallow up the rule. We adopted a three part test in our drafting process in which any exceptions to these privacy principles should be: (a) worded clearly; (b) limited in purpose, necessary and proportionate to the aim; and (c) accompanied by sufficient procedural safeguards”.

On the face of it, the overall draft represents a novel and upright way of thinking, and if some of this is accepted while the government mulls the Justice Srikrishna Committee’s recommendations (expected late this month), it would be a good beginning.

For more details visit https://cis-india.org/internet-governance/news/india-legal-live-june-21-2018-data-privacy

Death By WhatsApp

Admin — 2018-06-25T15:47:41Z

The fatal messages were both in text and in audio. They were in Telugu, Kannada, Tamil, Hindi, Assamese and Gujarati among others.

This was published by News18.com on June 25, 2018. Sunil Abraham was quoted.

Guys please be on high alert10:24 PM

Three kids were kidnapped from my friend’s area this morning.. There were 10 guys giving biscuits and people from that area have caught all 10 n 5 more based on their info...10:24 PM

Cops arrived at scene and informed that 400 people have landed in Hyderabad (or Bangalore or Chennai or KarbiAnglong or Singhbhum or any other place) for child trafficking. Check my next video and repost. Parents pls be on high alert.10:25 PM

The Snowball Effect

No one had any idea where the messages originated from or who was the original sender. But when it comes to the safety of one’s children, these questions become irrelevant.

Maybe, if someone had stopped to ask these questions, this fake WhatsApp message wouldn’t have led to 22 murders in one year. These 22 ‘outsiders’ were lynched by mobs on the mere suspicion of being the non-existent ‘child lifters’.

Phony as a three-dollar bill, the message spread like forest fire from Jharkhand to Tamil Nadu and Assam to Gujarat. In each state, it preyed on the raging ‘local versus outsider’ sentiment. It started doing the rounds of southern states around the time when political discourse was hijacked by the ‘North versus South’ debate.

It might be easy now to scoff at those who believed and further shared the fake message, but hindsight is always a perfect 20/20.

In fact, according to a research by University of Warwick, 40% of fake news cannot be spotted by average educated adults. Even if they do feel something is amiss, only 45% adults can place their finger on what exposes the news as fake.

Social media and internet penetration have only aggravated the problem in India, where the written word is rarely doubted.

Social media and internet penetration have only aggravated the problem in India, where the written word is rarely doubted.

In the last four years, social media usage in the country has gone up by 150% with an 83% increase in smartphone ownership. Such proliferation and the availability of competitive data plans have ensured digital intrusion in areas where people have had no exposure to the concept of fake news or digital privacy.

Caveat emptor does not apply in this case, says Sunil Abraham, the Executive Director of Bangalore-based research organisation Centre for Internet and Society.

A Timeline of Deaths

CHAPTER 1

The Propaganda Machine

WhatsApp has unfortunately become a fertile breeding ground for parasites that prey on fear. At present, it has 200 million active users. These users are potential victims of fake news given the complex form of anonymity that WhatsApp offers. It is mainly to arrest the fake news propaganda that the first step in violence-hit areas is to suspend internet services.

In this case, too, the original culprits took cover in this anonymity and experts believe they may never be unmasked. While Facebook and other social media websites are under pressure to address the menace, an inter-personal software, such as WhatsApp, skirts the scanner.

“Those who are passing the rumours cannot be traced or haven’t been traced purely because they are on WhatsApp groups. My guess is that they would have started it (the rumours) on WhatsApp because it is difficult to trace. Once it starts, it (the message) makes its way to everywhere. Somebody gets it on WhatsApp, they put it on their Facebook profile or forward to other WhatsApp users. It goes across multiple platforms. It is not limited to one platform,” says Alt News co-founder Pratik Sinha.

Those who are passing the rumours cannot be traced or haven’t been traced purely because they are on WhatsApp groups

Given its penetration, WhatsApp has emerged as a cheap medium to propagate hate.

Police officials investigating the murder of senior journalist and Left-leaning thinker Gauri Lankesh in Bengaluru were surprised to find out that a key suspect was an ‘admin’ for hundreds of groups.

KT Naveen Kumar, a college dropout, floated his outfit ‘Hindu Yuva Sena’ in Mandya near Bengaluru three years ago. The Hindutva activist confessed to the police that he created several WhatsApp groups — Hindu Yuva Sena, Jago Hindu Maddur, Bajrang Maddur and Kaveri Boys among others — to propagate his ‘Save Hinduism’ agenda.

Once you create a WhatsApp group and add ‘participants’, you are free to make others the ‘admin’, who in turn can add scores of people to the group. There is no known cap to the number of participants in a WhatsApp group.

How To Spot Fake News

CHAPTER 2

Jharkhand

The fake message on ‘child lifters’ added fuel to fire in Jharkhand, which has been plagued by child abductions and kidnappings for years. Young girls from the state have been known to be abducted and forced into modern-day slavery in other states.

Villagers, who had never heard of the concept of fake news, bought into the rumours. And since a photo can say a 1,000 fake words as well, graphic images freely available on the internet were used alongside the message. The propaganda did the trick and aroused murderous rage among the local tribal population.

At least nine people were killed in separate incidents over as many days in Singhbhum district. Angry mobs beat and hacked the victims to death, assuming they were saving their young ones from ‘child lifting’ gangs that were rumoured to be abducting children for organ trade.

The death toll would have been higher had protest marches against the fake news and the killings not been held in cities like Jamshedpur. While these protests did not get the police to act against hate mongers on social media, the uproar publicised the fact that the message was a fake one.

Over the next few days, alleged ‘child lifters’ were caught in other villages, but were duly handed over to the police.

The disinformation campaign died a natural death in Jharkhand, but moved to a new hunting ground.

CHAPTER 3

Tamil Nadu

More than 2,000 km from Jharkhand, the message landed in Tamil Nadu with an additional detail — be wary of ‘North India people’. It warned of a gang of 400 ‘North Indians’ out to lure children for organ trade. These people, the message added, may try to gain entry inside homes on the pretext of being repair men or hawkers. Again, the images of mutilated bodies did the trick.

No one stopped to think whether a ‘gang of 400 outsiders’ could travel undetected. No one called the 100 helpline to confirm the rumour with the police. The mere ‘police-arrived-at-the-scene’ was enough to convince people of its authenticity.

A man in Thiruvalluvar, north of Chennai, became the state’s first victim of the fake news. A mob beat him mercilessly and hung him from a bridge in Pulicat on May 10.

The mob didn’t even give her a chance to be heard.

The second lynching came in less than 24 hours. This time the victim was an elderly woman identified as Rukmani in the temple town of Thiruvannamalai. She was returning from a temple visit with her relatives when they stopped their car at a village. Rukmani was handing out ‘foreign chocolates’ to local children when word spread that a woman was ‘luring’ kids with sweets.

“The mob didn’t even give her a chance to be heard. Giving out chocolates to children doesn’t make you a child trafficker. I’m scared to even step out after this incident,” says a relative who was in the car with Rukmani and was grievously injured.

Police officials rounded up at least 30 people and charged them with murder.

CHAPTER 4

Andhra Pradesh & Telangana

The mob madness spread to Andhra Pradesh and Telangana next, again preying on anti-migrant sentiment. The first attack was reported mid-May when 12 people were suspected to be members of ‘Parthi’ gang, a group notorious for dacoity in Madhya Pradesh and Maharashtra.

A couple of days later, a mob beat up two beggars in Vishakhapatnam, killing one of them.

Another horrific attack unfolded in Hyderabad where a transgender was stoned to death by a mob of 200. The victim had travelled from Mahabubnagar district with three others to seek alms in the holy month of Ramzan.

Soon, the fake news reached other districts. A man visiting a relative in Nizamabad was killed when he failed to give ‘satisfactory’ explanation to the mob about his presence there.

A murder in Yadadri district of Telangana, an attack on nine people in Vikarabad district and an assault on a woman at the Guntur railway station followed within days.

CHAPTER 5

Karnataka

The mob mentality fuelled by the fake news campaign reached Karnataka, where the ‘local versus outsider’ debate had reached fever pitch during election campaigning.

WhatsApp users in Bengaluru, India’s Silicon Valley, started receiving warnings on ‘child lifters’ in Kannada.

“Don’t leave your kids unattended..if you find such traffickers, tie them up and call the cops (sic),” one such message advised.04:24 PM

A 26-year-old construction labourer from Rajasthan, identified as Kalu Ram, who had come to look for work was tied with a rope, dragged through the streets of Chamarajpet in west Bengaluru. Beaten with bats and other household ‘weapons’, he succumbed to his injuries.

According to Additional Commissioner (West) BK Singh, India saw a similar kind of 'madness’ 20 years ago with the ‘Ganesha drinking milk’ rumour, but WhatsApp has taken it to a dangerous new height.

“This hapless man was walking alone. Two persons standing there saw him and started following him to a shop just 100 metres away. Suddenly, a crowd gathered. People brought whatever they could find in their homes — cricket bats, stumps, ropes etc,” Singh says.

“Once a crowd becomes a mob, you cannot control it. Many of them may be meek persons individually, but they are taken in by the presence of the mob. The mob thinks that if they act collectively, police won’t act and they can get away easily,” Singh adds.

People brought whatever they could find in their homes — cricket bats, stumps, ropes etc.

Around 20 people were arrested based on CCTV footage and videos taken by bystanders, who did nothing to help the hapless victim. One of the main accused is 26-year-old Anbu, who has other criminal cases pending against him. Four women and a minor were among those in custody. All of them face murder charges now.

The spread of the fake news in Tamil Nadu may also have led to the violence.

Pension Mohalla in Bakshi Garden where the attack took place has a dominant Tamil population. Some of them could have been aware of the rumours before it made its way to Bengaluru. When the WhatsApp messages started doing the Silicon Valley’s rounds, it may have been perceived as a confirmation of the fake news.

Another person was killed under similar circumstances in Salem. The state witnessed seven more such attacks.

CHAPTER 6

Assam

The latest casualty of the fake news was reported in Assam, again a state which deals with anti-migrant sentiment.

On June 8, two youths from Guwahati were battered to death in Karbi Anglong district on suspicion of being child lifters. Police said Abhijit Nath and Nilutpal Das were on their way to the Kanthe Langshu picnic spot when their vehicle was attacked by a group of men at Panjuri Kachari village, 16 km from Dokmoka town.

Eyewitnesses said the two boys were brutally beaten with bamboo poles and wood, and tortured to death by a mob of allegedly inebriated villagers.

“It happened when some locals informed a group of villagers about two men travelling in a black car with an abducted child. These few villagers were drinking in the roadside dhaba and immediately called upon more people to trace the car and catch them. The mob stopped the car and surrounded the two boys inside. The village elders tried to stop them from beating the boys, but they would not listen,” said a local shopkeeper.

The two boys were brutally beaten with bamboo poles and wood, and tortured to death by a mob of allegedly inebriated villagers.

This incident was yet again preceded by paranoia fuelled by WhatsApp forwards. The messages warned people of 'sopadhora' (child lifters) being on the prowl. Many in Karbi Anglong, one of the most backward areas of the country, took those messages as gospel.

“We have arrested 35 people so far. Some of them are directly involved in the attack, while one has been arrested for posting objectionable content on social media, inciting communal violence soon after the incident took place. There’s no substance to the rumour of ‘sopadhora’ (child lifters) in the area. But it had created a fear psychosis among people here,” says Agarwal.

Death By Whatsapp

For more details visit https://cis-india.org/internet-governance/news/death-by-whatsapp

Is Privacy Obsolete?

Admin — 2018-06-23T05:01:21Z

Pranesh Prakash was a panelist at this event organized by TERI in Bangalore on June 22, 2018.

For more details visit https://cis-india.org/internet-governance/news/is-privacy-obsolete

Anushka finds support for her anti-litter tirade

Admin — 2018-06-23T01:11:25Z

She is well within her rights to shame the affluent man who threw plastic waste out of his swanky car, many say.

The article by Nina C. George was published in Deccan Herald on June 19, 2018. Swaraj Barooah was quoted.

On Tuesday, movie star Anushka Sharma caught a man throwing out litter from the window his luxury car, and took him to task. In a 17-second-long clip that went viral, she gave a furious dressing down to the man, identified as Arhhan Singh, sitting in a chaffeur-driven sedan.

Arhhan Singh later described her as a “crazy roadside person”. Many started trolling Anushka. Her cricketer-husband Virat Kohli soon jumped in to back her and her cause.

Elli AvrRam

The actor says Anushka was right in shaming Arhhan Singh. “It is everybody’s duty to stop littering,” she says.

Pooja Chopra

The actor says the video is a message loud and clear to all those in chauffeur-driven cars who don’t think twice before littering. “The man who threw out plastic should have apologised. It’s not about Anushka flaunting her celebrity status. I would have also done it had I been in her place," she says.

MK Raghavendra

The well-known film critic feels celebrities have, for once, proved useful. “Anybody who sees people throwing garbage on the street must take exception to it. Throwing garbage is a social nuisance and I think it should be ideally treated as a minor criminal offence."

Rahul Rajashekharan

Actor and Mr. India runner-up says, “She wasn’t rude and was only telling the man not to throw garbage. Educated people throwing garbage on the street is unacceptable.” People in Mumbai have been working towards cleaning their beaches, and movements across the world are campaigning against the use of plastic. She did the right thing by posting the video on social media, he says.

Raghu Dixit

The singer and composer says he has protested against anything that “goes against basic civic sense.” The people he confronts, he says, sometimes apologise, and at other times get defensive. “It’s not about being a celebrity. We should decisively act towards making our country litter-free," he says.

Guru Prasanna, Advocate, HC, Karnataka

It was natural for Anushka to question somebody throwing garbage on the street. The damaging part was perhaps Virat Kohli’s tweet calling Arhhan Singh, the man in the car, “brainless.” Arhhan Singh and his family have taken offence to the public shaming but they don’t really have a legal case against Anushka and Virat. “There is no action here against which a person can claim any sort of injury. If there is a conscious campaign to bring down somebody’s reputation then it could have legal implications."

Swaraj Barooah, senior programme manager, Centre for Internet and Society, Bengaluru

“It may be poor form to shame a private person, as the point about littering could be made as easily without revealing the identity of the person. But it would be incorrect to claim a legitimate expectation of privacy while committing a public act, which is littering, in this case. On the question of whether this is harassment: This is unlikely to be seen as a legal case of harassment, as it is just one act, and not one of many acts. Nor do Virat and Anushka have a history of going about and ‘shaming’ people online.”

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-june-19-2018-anushka-finds-support-her-anti-litter-tirade

Comments on the Telecom Commercial Communications Customer Preference Regulations

Sandeep Kumar, Torsha Sarkar, Swaraj Barooah, Gurshabad Grover — 2018-06-23T00:44:47Z

This submission presents comments by the Centre for Internet & Society, India (“CIS”) on the Telecom Commercial Communications Customer Preference Regulations which was released to the public by the Telecom Regulatory Authority of India (TRAI) on 29th May 2018 for comments and views.

Preliminary

This submission presents comments by the Centre for Internet & Society (“CIS”), India on ‘The Telecom Commercial Communications Customer Preference Regulations, 2018’ which were released on 29th May 2018 for comments and counter-comments.

CIS appreciates the intent and efforts of Telecom Regulatory Authority of India (TRAI) to curb the problem of Unsolicited Commercial Communication (UCC), or spam. Spam messages are constant irritants for telecom subscribers. Acknowledging the same, TRAI has proposed regulations which aim to empower subscribers in effectively dealing with UCC. CIS is grateful for the opportunity to put forth its views and comments on the regulations. This submission was made on 18th June 2018. This text has been slightly edited for readability.

The first part of the submission highlights some general issues with the regulations. While TRAI has offered a technological solution to the menace of UCC, the policy documents have no accompanying technical details. TRAI has not made a compelling case for why Distributed Ledger Technologies (DLTs) should be used for storing data instead of a distributed database. There is no clarity on the technical aspects of the proposed DLTs: the participating nodes in the network, how these nodes arrive at a consensus, whether they are independent of each other, are questions that remain unanswered. The draft regulations also mention curbing Robocalls, but technical challenges associated with the same have not been discussed. Spam which is non-commercial in nature remains out of the scope of the current regulations.

The second part of this submission puts forth specific comments related to various sections of the draft and suggests improvements therein. While CIS appreciates the extension of the deadline from 11th June to 18th June, we would like to highlight that the Draft was released on 29th May, and despite the extension, the time to submit comments remains less than a month. Considering the fact that the draft regulations hold significance for the entire telecom industry and nearly 1.5 billion subscribers, TRAI should have granted at least a month’s time for the stakeholder’s sound scrutiny.

General Comments

Distributed Ledger Technology (DLT)

The draft greatly emphasizes the fact that data regarding Consent, Complaints, Headers, Preferences, Content Template Register and Entities are stored on distributed ledgers. The intent is to keep data cryptographically secure with no centralized point of control. However, the regulations do not go into the technical details of the working of these distributed ledgers leading to several potential pitfalls.

As per the draft, every access provider has to establish distributed ledgers for Complaints, Consent, Content, Preference, Header, Entities and so on. There are specific entities mentioned which will act as nodes in the network, and these nodes are preselected.

Whenever a sender seeks to send commercial communications across a list of subscribers, the list is ‘scrubbed’ against the DL-Consent and DL-Preference, to check whether the subscriber has given consent and registered their preference. The sender can only send the commercial communication to the numbers which are present in the scrubbed list.

The objective of these regulations is to protect consumers’ rights but the consumer, i.e., the subscriber, is not a node in the distributed ledger. Since the primary benefits of decentralization are gained when the trust is devolved to the individual subscribers, and the individual users are not specified as participating nodes in the ledger, the justification behind a distributed ledger is unclear.

Additionally, the proposed regime requires the subscriber to place her trust in the access provider to register the complaint, thus offers no tangible benefit over the current regulation. While there are penalties for non-compliant Access Providers (APs), there are no business incentives for APs to expend the extra amount of resources required in for effective implementation of this technology, to act in the users’ interest. This builds a system where APs interests clash with subscribers, but they are nonetheless required to be the guardian of the subscribers’ concerns.

Further, the nodes are entities constituted by the access providers (APs), and there is no mechanism to ensure that they behave independently of each other. In such case, it is wholly possible that all nodes on a distributed ledger are run by the same entity, thus defeating the purpose of establishing consensus. The proposed regulations do not address this scenario.

One solution would be to add subscribers as nodes to the DLT network. But this would be impractical as the technical challenges associated therein, including generating public-private key pairs of each user, the computational complexity of the network, are immense. If this is indeed the intention of TRAI, this has not been spelled out clearly in the draft regulations. Additionally, in such a scenario, there would be no requirement for mandating every AP to maintain their own DLT for customer preference and consent artifacts.

Considering the points mentioned above, we request TRAI to publish the technical specifications of DLTs, which addresses the following issues:

Who can participate in the network other than the entities mentioned in the regulations? Are these participating entities independent of each other? If not, then how will the conflict of interest be resolved?
What is the consensus algorithm used in the DLTs?
Will the code to implement DLTs be open-source?

Our recommendations are three-fold in this regard:

If distributed ledger is used, then, mechanisms should be devised to ensure the integrity of the consensus. For this, participating nodes in the network must be independent of each other. Aforementioned points regarding consensus protocol should be taken into consideration as well.

In place of DLTs, we recommend the use of a distributed database with signature-based authentication and encryption of the data to be stored. The immutability and non-repudiation of data can be achieved in this way. Distributed ledgers such as DL-consent, DL-preference, DL-complaints are instances where authentication of data and subscriber can be done using simplers means such as OTP verification, etc. So, such ledgers need not necessarily utilize DLTs.

The regulations should mandate the open-source publication of the implementation of the DLTs. This will enable interoperability, add transparency to the functioning of the regulations, and enable security audits to ensure accountability of the APs.

Broadening the scope of the Regulations to non-commercial communication

The proposed regulations attempt to specifically curb unsolicited commercial communications as defined in Regulation 2(bt). But, there are other forms of communication which are unsolicited and non-commercial, including political messages and market surveys.

We recommend that the scope of the regulations should be broadened to include both commercial and non-commercial communications. And both of these should be grouped under the category of Institutional Communications. Wherever needed, changes should be made to the regulations dealing with UCC to suit the specific requirements of dealing with unsolicited non-commercial communications as well. At the same time, the regulations should ensure that individual communications are not brought within their ambit.

Technical challenges in combating Robocalls

Robocalls are defined in Regulation 2(ba) and in Schedule IV, provision 3, it has been clubbed with other kinds of spam. However, there are some specific technical challenges in regulating robocalls. Right now, ‘block listing’ is a prevalent model where one can identify a number and then block it so that it cannot be used further. But with robocalls, spoofing of other numbers is easily achievable which makes the blocking of the real identity of caller difficult. The proposed regulations do not adequately address this challenge.

The Alliance for Telecommunications Industry Solutions, with working groups of the Internet Engineering Task Force (IETF), has been working on a different approach to solve this problem. They are working on standards for all mobile and VoIP calling services which would enable them to do cryptographic digital call signing, “so calls can be validated as originating from a legitimate source, and not a spoofed robocall system. The protocols, known as ‘STIR’ and ‘SHAKEN,’ are in industry testing right now through ATIS's Robocalling Testbed, which has been used by companies like Sprint, AT&T, Google, Comcast, and Verizon so far”.

TRAI should take into account these developments and propose a specific regime accordingly. One possible way forward, for now, could be the banning of robocalls unless there is explicit opt-in by subscribers.

Registration of content-template

The draft envisages a distributed ledger system for registration of content template which would have both a fixed part and a variable part. The content template needs to be registered by the content template registrar, which would be an authorized entity.

Problematically, the content template is defined to include the fixed part as well as the variable part. Further, Schedule I, provision 4(3)(e) mandates that content template registration functions should be utilized to extract fixed and the variable portion from actual messages offered for delivery or already delivered. The variable portion of the message contains information specific to a customer, as defined in regulation 2(q)(ii). In addition to privacy concerns with accessing the variable part, there is no functional reason for variable portions to be extracted from the actual message, as only the fixed portion needs to be verified.

The hash of the fixed portion of the message can be used to identify whether a user has received UCC or not. We, therefore, recommend that the variable portion of the message shall not be made accessible to entities because it is not required for the identification of a message as UCC.

‘Safe and Secure Manner’

Throughout the draft, reference is made to the data collected being stored and/or exchanged in a ‘safe and secure manner’, without any clarification as to what this term implies.

We recommend that the term be defined as ‘measures in accordance with reasonable security practices and procedures’ as given in section 43A of the Information Technology Act, 2008 read with section 8 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Bulk Registration

In the Consultation paper published by TRAI, bulk registration was envisaged as a way to curb UCC wherein one member of the family can register on behalf of the family. Australia has already implemented this mechanism.

In India, evidence suggests that major victims of spam are the elderly and people with limited financial capacities. In such cases, consent and preference registration on behalf of these people by one person may help in the successful control of UCC.

Some telecom service providers argued against this by emphasizing the individual choice of a subscriber. However, in cases where there is authorization given by the customer, the primary user can register consent on his/her behalf. Similarly, since corporate connections are by definition owned and paid for by corporates, bulk registration in those situations can be also be done.

We recommend that given the situation in India, the provision for bulk registration be incorporated in the regulations for specific scenarios, as mentioned above. An authorization template giving the nominee power to register on behalf of a class can be incorporated to this effect. Also, an opt-out option must be incorporated in case an individual choice differs from the choice registered in the bulk-registration.

Specific Comments

Inferred Consent [Regulation 2(k)(II)(A)]

Comments
Regulation 2(k)(ii)(a) of the Draft defines consent as “voluntary permission given by the customer to the sender to receive commercial communication”. However, the draft also includes, “inferred consent”, which is defined as consent that can be “reasonably inferred from the customer’s conduct or the business and the relationship between the individual and the sender”.

When consent is derived from the customer’s conduct, rather than being given explicitly, it defeats its ‘voluntary nature’. The provision of consent being ‘reasonably inferred’ from the customer’s conduct is also vague, and there is no indication given in the draft as to what kind of conduct would lead to a reasonable inference of implied consent. The definition can also be interpreted to mean that customer’s conduct will be subject to monitoring, which raises privacy concerns.

Recommendations
Consent shall not be derived from the customer’s conduct unless the person provides it explicitly. We recommend amendment to the definition of ‘inferred consent’ accordingly.

Three years history to be stored in DL-Complaints [Regulations 24(3) and 24(4)]

Comments

Regulation 24(3) and (4) states that the DL-Ledger for Complaints (DL-Complaints) shall record ‘three years history’ of both the complainant and the sender, with details of complaints made, date, time and status of the resolution of the complaint. It is not clear from the regulation whether the mentioned set of data is exhaustive or not.

Recommendations
We recognize that the legislative intent behind drafting Regulation 24(3) and (4) was to curb frivolous or false complaints, which has already been a concern of TRAI. Storing both the complainant and the sender’s history, in such cases, may aid in resolving these.

We recommend that the language of the regulations may be amended to “three years history which only includes details of all complaint(s) made by him, with date(s) and time(s) . . .”, thereby giving a limiting qualification to the broad scope of the term.

The responsibility of the APs to ensure that the devices support the requisite permissions [Regulation 34]

Comments
Regulation 34 mandates that the APs are to ensure that the devices “registered in the network” shall support the requisite permissions of the Apps under this regulations.

In terms of jurisdiction, regulation of the functioning of electronic devices (which can be phones, tablets or smart watches) is outside the scope of the proposed regulations, and probably out of TRAI's regulatory competence.

Even if TRAI can impose the regulation on end devices, this regulation puts the burden on the APs to ensure that devices support the pertinent app permissions. Considering that TRAI itself has been weighing legal recourse against device manufacturers on similar grounds, it is unclear why TRAI assumes that APs have any legal or technical method to ensure control of a device which has neither been manufactured by them nor is it under their physical or remote control.

In modern smartphones, the end-user has full control over most app installations and permissions. This practice is consistent with a consumer's autonomy over the device and its functioning. Considering the fact that TRAI has not implemented basic security features in the 'Do Not Disturb' app, TRAI is putting at risk the privacy of millions of device owners by legally mandating permissions for an app with the second proviso. The proviso further gives TRAI the power to order APs to derecognize devices from their network. This regulation is draconic and inimical to the rights of consumers, who are at risk of losing network access and connectivity because of their device choice, which is a completely different business and market.

Recommendations
Reporting unsolicited messages or calls is a consumer right, and the regulations are in furtherance of the same goals. TRAI should enable consumer rights by giving subscribers the option to report spam and has no reason to force users to report spam possibly through legal overreach and privacy invasion. Accordingly, we recommend the removal of Regulation 34.

Additional Suggestions

Consumer and subscriber

The usage of the terms ‘customer’ and ‘subscriber’ in Regulation 3(1) implies that the terms have two different meanings. This interpretation, however, clashes with the actual definition given in Regulation 2(u) and 2(bk), whereby a customer is a subscriber. This is an inconsistent interpretation.

Either the definition of a ‘customer’ must be clarified or differentiated from that of a ‘subscriber’ in regulation 2, or regulation 3 must be amended to indicate what its actual object of regulation is - the customer or the subscriber.

Drafting misnumbering

There are a few instances of misnumbering of regulations and reference regulations which are non-existent.

Regulations 25(5)(b) and (c) make a reference to regulation 25(3)(a), which does not exist in the given draft. A bare reading of regulation 25, however, indicate that the intention was to refer to regulation 25(5)(a), and as such, this misnumbering should be rectified.

Regulation 34 makes a reference to regulation 7(2), which again, does not exist. In such case, either regulation 34 or regulation 7(2) must be amended to keep a consistent interpretation.

Ambiguous terms

‘Allocation and assignment principles and policies’ - Provision 4(1)(a) of Schedule I of the regulations indicate that header assignment should be done on the basis of ‘allocation and assignment principles and policies’, without any clarification to the meaning of this term. We recommend an amendment to this provision accordingly.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-telecom-commercial-communications-customer-preference-regulations

NITI Aayog Discussion Paper: An aspirational step towards India’s AI policy

2018-06-13T13:08:47Z

The National Strategy for Artificial Intelligence — a discussion paper on India’s path forward in AI, is a welcome step towards a comprehensive document that reflects the government's AI ambitions. The 115-page discussion paper attempts to be an all encompassing document looking at a host of AI related issues including privacy, security, ethics, fairness, transparency and accountability.

Download the Report

The 115-page discussion paper attempts to be an all encompassing document looking at a host of AI related issues including privacy, security, ethics, fairness, transparency and accountability. The paper identifies five focus areas where AI could have a positive impact in India. It also focuses on reskilling as a response to the potential problem of job loss due the future large-scale adoption of AI in the job market. This blog is a follow up to the comments made by CIS on Twitter on the paper and seeks to reflect on the National Strategy as a well researched AI roadmap for India. In doing so, it identifies areas that can be strengthened and built upon.

Identified Focus Areas for AI Intervention

The paper identifies five focus areas—Healthcare, Agriculture, Education, Smart Cities and Infrastructure, Smart Mobility and Transportation, which Niti Aayog believes will benefit most from the use of AI in bringing about social welfare for the people of India. Although these sectors are essential in the development of a nation, the failure to include manufacturing and services sectors is an oversight. Focussing on manufacturing is fundamental not only in terms of economic development and user base, but also regarding questions of safety and the impact of AI on jobs and economic security. The same holds true for the service sector particularly since AI products are being made for the use of consumers, not just businesses. Use of AI in the services sector also raises critical questions about user privacy and ethics. Another sector the paper fails to include is defense, this is worrying since India is chairing the Group of Governmental Experts on Lethal Autonomous Weapons Systems (LAWS) in 2018. Across sectors, the report fails to look at how AI could be utilised to ensure accessibility and inclusion for the disabled. This is surprising, as aid for the differently abled and accessibility technology was one of the 10 domains identified in the Task Force Report on AI published earlier this year. This should have been a focus point in the paper as it aims to identify applications with maximum social impact and inclusion.

In its vision for the use of AI in smart cities, the paper suggests the adoption of a sophisticated surveillance system as well as the use of social media intelligence platforms to check and monitor people’s movement both online and offline to maintain public safety. This is at variance with constitutional standards of due process and criminal law principles of reasonable ground and reasonable suspicion. Further, use of such methods will pose issues of judicial inscrutability. From a rights perspective, state surveillance can directly interfere with fundamental rights including privacy, freedom of expression, and freedom of assembly. Privacy organizations around the world have raised concerns regarding the increased public surveillance through the use of AI. Though the paper recognized the impact on privacy that such uses would have, it failed to set a strong and forward looking position on the issue - such as advocating that such surveillance must be lawful and inline with international human rights norms.

Harnessing the Power of AI and Accelerating Research

One of the ways suggested for the proliferation of AI in India was to increase research, both core and applied, to bring about innovation that can be commercialised. In order to attain this goal the paper proposes a two-tier integrated approach: the establishment of COREs (Centres of Research Excellence in Artificial Intelligence) and ICTAI (International Centre for Transformational Artificial Intelligence). However the roadmap to increase research in AI fails to acknowledge the principles of public funded research such as free and open source software (FOSS), open standards and open data. The report also blames the current Indian Intellectual Property regime for being “unattractive” and averse to incentivising research and adoption of AI. Section 3(k) of Patents Act exempts algorithms from being patented, and the Computer Related Inventions (CRI) Guidelines have faced much controversy over the patentability of mere software without a novel hardware component. The paper provides no concrete answers to the question of whether it should be permissible to patent algorithms, and if yes, to to what extent. Furthermore, there needs to be a standard either in the CRI Guidelines or the Patent Act, that distinguishes between AI algorithms and non-AI algorithms. Additionally, given that there is no historical precedence on the requirement of patent rights to incentivise creation of AI, innovative investment protection mechanisms that have lesser negative externalities, such as compensatory liability regimes would be more desirable. The report further failed to look at the issue holistically and recognize that facilitating rampant patenting can form a barrier to smaller companies from using or developing AI. This is important to be cognizant of given the central role of startups to the AI ecosystem in India and because it can work against the larger goal of inclusion articulated by the report.

Ethics, Privacy, Security and Safety

In a positive step forward, the paper addresses a broader range of ethical issues concerning AI including transparency, fairness, privacy and security and safety in more detail when compared to the earlier report of the Task Force. Yet despite a dedicated section covering these issues, a number of concerns still remain unanswered.

Transparency

The section on transparency and opening the Black Box has several lacunae. First, AI that is used by the government, to an acceptable extent, must be available in the public domain for audit, if not under Free and Open Source Software (FOSS). This should hold true in particular for uses that impinge on fundamental rights. Second, if the AI is utilised in the private sector, there currently exists a right to reverse engineer within the Indian Copyright Act, which is not accounted for in the paper. Furthermore, if the AI was involved both in the commission of a crime or the violation of human rights, or in the investigations of such transgressions, questions with regard to judicial scrutability of the AI remain. In addition to explainability, the source code must be made circumstantially available, since explainable AI alone cannot solve all the problems of transparency. In addition to availability of source code and explainability, a greater discussion is needed about the tradeoff between a complex and potentially more accurate AI system (with more layers and nodes) vs. an AI system which is potentially not as accurate but is able to provide a human readable explanation. It is interesting to note that transparency within human-AI interaction is absent in the paper. Key questions on transparency, such as whether an AI should disclose its identity to a human have not been answered.

Fairness

With regards to fairness, the paper mentions how AI can amplify bias in data and create unfair outcomes. However, the paper neither suggests detailed or satisfactory solutions nor does it deal with biased historical data in an Indian context. More specifically, there seems to be no mention of regulatory tools to tackle the problem of fairness, such as:

Self-certification
Certification by a self-regulatory body
Discrimination impact assessments
Investigations by the privacy regulator

Such tools will proactively need to ensure inclusion, diversity, and equity in composition and decisions.

Additionally, with reference to correcting bias in AI, it should be noted that the technocratic view that as an AI solution continues to be trained on larger amounts of data , systems will self correct, does not fully recognize the importance of data quality and data curation, and is inconsistent with fundamental rights. Policy objectives of AI innovation must be technologically nuanced and cannot be at the cost of intermediary denial of rights and services.

Further, the paper does not deal with issues of multiple definitions and principles of fairness, and that building definitions into AI systems may often involve choosing one definition over the other. For instance, it can be argued that the set of AI ethical principles articulated by Google are more consequentialist in nature involving a a cost-benefit analysis, whereas a human rights approach may be more deontological in nature. In this regard, there is a need for interdisciplinary research involving computer scientists, statisticians, ethicists and lawyers.

Privacy

Though the paper underscores the importance of privacy and the need for a privacy legislation in India - the paper limits the potential privacy concerns arising from AI to collection, inappropriate use of data, personal discrimination, unfair gain from insights derived from consumer data (the solution being to explain to consumers about the value they as consumers gain from this), and unfair competitive advantage by collecting mass amounts of data (which is not directly related to privacy). In this way the paper fails to discuss the full implications on privacy that AI might have and fails to address the data rights necessary to enable the right to privacy in a society where AI is pervasive. The paper fails to engage with emerging principles from data protection such as right to explanation and right to opt-out of automated processing, which directly relate to AI. Further, there is no discussion on the issues such as data minimisation and purpose limitation which some big data and AI proponents argue against. To that extent, there is a lack of appreciation of the difficult policy questions concerning privacy and AI. The paper is also completely silent on redress and remedy. Further the paper endorses the seven data protection principles postulated by the Justice Srikrishna Committee. However CIS has pointed out that these principles are generic and not specific to data protection. Moreover, the law chapter of IEEE’s ‘Global Initiative on Ethics of Autonomous and Intelligent Systems’ has been ignored in favor of the chapter on ‘Personal Data and Individual Access Control in Ethically Aligned Design’ as the recommended international standard. Ideally, both chapters should be recommended for a holistic approach to the issue of ethics and privacy with respect to AI.

AI Regulation and Sectoral Standards

The discussion paper’s approach towards sectoral regulation advocates collaboration with industry to formulate regulatory frameworks for each sector. However, the paper is silent on the possibility of reviewing existing sectoral regulation to understand if they require amending. We believe that this is an important solution to consider since amending existing regulation and standards often takes less time than formulating and implementing new regulatory frameworks. Furthermore, although the emphasis on awareness in the paper is welcome, it must complement regulation and be driven by all stakeholders, especially given India’s limited regulatory budget. The over reliance on industry self-regulation, by itself, is not advisable, as there is an absence of robust industry governance bodies in India and self-regulation raises questions about the strength and enforceability of such practices. The privacy debate in India has recognized this and reports, like the Report of the Group of Experts on Privacy, recommend a co-regulatory framework with industry developing binding standards that are inline with the national privacy law and that are approved and enforced by the Privacy Commissioner. That said, the UN Guiding Principles on Business and Human Rights and its “protect, respect, and remedy” framework should guide any self regulatory action.

Security and Safety of AI Systems

In terms of security and safety of AI systems the paper seeks to shift the discussion of accountability being primarily about liability, to that of one about the explainability of AI. Furthermore, there is no recommendation of immunities or incentives for whistleblowers or researchers to report on privacy breaches and vulnerabilities. The report also does not recognize certain uses of AI as being more critical than others because of their potential harm to the human. This would include uses in healthcare and autonomous transportation. A key component of accountability in these sectors will be the evolution of appropriate testing and quality assurance standards. Only then, should safe harbours be discussed as an extension of the negligence test for damages caused by AI software. Additionally, the paper fails to recommend kill switches, which should be mandatory for all kinetic AI systems. Finally, there is no mention of mandatory human-in-the-loop in all systems where there are significant risks to safety and human rights. Autonomous AI is only viewed as an economic boost, but its potential risks have not been explored sufficiently. A welcome recommendation would be for all autonomous AI to go through human rights impact assessments.

Research and Education

Being a government think-tank, the NITI Aayog could have dealt in detail with the AI policies of the government and looked at how different arms of the government are aiming to leverage AI and tackle the problems arising out of the use of AI. Instead of tabulating the government’s role in each area and especially research, the report could have also listed out the various areas where each department could play a role in the AI ecosystem through regulation, education, funding research etc. In terms of the recommendations for introducing AI curriculums in schools, and colleges, the government could also ensure that ethics and rights are part of the curriculum - especially in technical institutions. A possible course of action could include corporations paying for a pan-Indian AI education campaign.This would also require the government to formulate the required academic curriculum that is updated to include rights and ethics.

Data Standards and Data Sharing

Based on the amount of data the Government of India collects through its numerous schemes, it has the potential to be the largest aggregator of data specific to India. However the paper does not consider the use of this data with enough gravity. For example, the paper recommends Corporate Data Sharing for “social good” and making government datasets from the social sector available publicly. Yet this section does not mention privacy enhancing technologies/standards such as pseudonymization, anonymization standards, differential privacy etc. Additionally there should be provisions that allow the government to prevent the formation of monopolies by regulating companies from hoarding user data. The open data standards could also be applicable to the private companies, so that they can also share their data in compliance with the privacy enhancing technologies mentioned above. The paper also acknowledges that AI Marketplaces require monitoring and maintenance of quality. It recognises the need for “continuous scrutiny of products, sellers and buyers”, and proposes that the government enable these regulations in a manner that private players could set up the marketplace. This is a welcome suggestion, but the legal and ethical framework of the AI Marketplace requires further discussion and clarification.

An AI Garage for Emerging Economies

The discussion paper also qualifies India as an “ideal test-bed” for trying out AI related solutions. This is problematic since questions of regulation in India with respect to AI have yet to be legally clarified and defined and India does not have a comprehensive privacy law. Without a strong ethical and regulatory framework, the use of new and possibly untested technologies in India could lead to unintended and possibly harmful outcomes.The government's ambition to position India as a leader amongst developing countries on AI related issues should not be achieved by using Indians as test subjects for technologies whose effects are unknown.

Conclusion

In conclusion, NITI Aayog’s discussion paper represents a welcome step towards a comprehensive AI strategy for India. However, the trend of inconspicuously releasing reports (this and the AI Task Force) as well as the lack of a call for public comments, seems to be the wrong way to foster discussion on emerging technologies that will be as pervasive as AI.

The blanket recommendations were provided without looking at its viability in each sector. Furthermore, the discussion paper does not sufficiently explore or, at times, completely omits key areas. It barely touched upon societal, cultural and sectoral challenges to the adoption of AI — research that CIS is currently in the process of undertaking.Future reports on Indian AI strategy should pay more attention to the country’s unique legal context and to possible defense applications and take the opportunity to establish a forward looking, human rights respecting, and holistic position in global discourse and developments. Reports should also consider infrastructure investment as an important prerequisite for AI development and deployment. Digitised data and connectivity as well as more basic infrastructure, such as rural electricity and well-maintained roads, require more funding to more successfully leverage AI for inclusive economic growth. Although there are important concerns, the discussion paper is an aspirational step toward India’s AI strategy.

For more details visit https://cis-india.org/internet-governance/blog/niti-aayog-discussion-paper-an-aspirational-step-towards-india2019s-ai-policy

Why NPCI and Facebook need urgent regulatory attention

sunil — 2018-06-12T02:07:42Z

The world’s oldest networked infrastructure, money, is increasingly dematerialising and fusing with the world’s latest networked infrastructure, the Internet.

The article was published in the Economic Times on June 10, 2018.

As the network effects compound, disruptive acceleration hurtle us towards financial utopia, or dystopia. Our fate depends on what we get right and what we get wrong with the law, code and architecture, and the market.

The Internet, unfortunately, has completely transformed from how it was first architected. From a federated, generative network based on free software and open standards, into a centralised, environment with an increasing dependency on proprietary technologies.

In countries like Myanmar, some citizens misconstrue a single social media website, Facebook, for the internet, according to LirneAsia research. India is another market where Facebook could still get its brand mistaken for access itself by some users coming online. This is Facebook put so many resources into the battle over Basics, in the run-up to India’s network neutrality regulation. an odd corporation.

On hand, its business model is what some term surveillance capitalism. On the other hand, by acquiring WhatsApp and by keeping end-toend (E2E) encryption “on”, it has ensured that one and a half billion users can concretely exercise their right to privacy. At the time of the acquisition, WhatsApp founders believed Facebook’s promise that it would never compromise on their high standards of privacy and security. But 18 months later, Facebook started harvesting data and diluting E2E.

In April this year, my colleague Ayush Rathi and I wrote in Asia Times that WhatsApp no longer deletes multimedia on download but continues to store it on its servers. Theoretically, using the very same mechanism, Facebook could also be retaining encrypted text messages and comprehensive metadata from WhatsApp users indefinitely without making this obvious.

My friend, Srikanth Lakshmanan, founder of the CashlessConsumer collective, is a keen observer of this space. He says in India, “we are seeing an increasing push towards a bank-led model, thanks to National Payments Corporation of India (NPCI) and its control over Unified Payments Interface (UPI), which is also known as the cashless layer of the India Stack.”

NPCI is best understood as a shape shifter. Arundhati Ramanathan puts it best when she says “depending on the time and context, NPCI is a competitor. It is a platform. It is a regulator. It is an industry association. It is a profitable non-profit. It is a rule maker. It is a judge. It is a bystander.”

This results in UPI becoming, what Lakshmanan calls, a NPCI-club-good rather than a new generation digital public good. He also points out that NPCI has an additional challenge of opacity — “it doesn’t provide any metrics on transaction failures, and being a private body, is not subject to proactive or reactive disclosure requirements under the RTI.”

Technically, he says, UPI increases fragility in our financial ecosystem since it “is a centralised data maximisation network where NPCI will always have the superset of data.” Given that NPCI has opted for a bank-led model in India, it is very unlikely that Facebook able to leverage its monopoly the social media market duopoly it shares with in the digital advertising market to become a digital payments monopoly.

However, NCPI and Facebook both share the following traits — one, an insatiable appetite for personal information; two, a fetish for hypercentralisation; three, a marginal commitment to transparency, and four, poor track record as a custodian of consumer trust. The marriage between these like-minded entities has already had a dubious beginning.

Previously, every financial technology wanting direct access to the NPCI infrastructure had to have a tie-up with a bank. But for Facebook and Google, as they are large players, it was decided to introduce a multi-bank model. This was definitely the right thing to do from a competition perspective. But, unfortunately, the marriage between the banks and the internet giant was arranged by NPCI in an opaque process and WhatsApp was exempted from the full NPCI certification process for its beta launch.

Both NPCI and Facebook need urgent regulatory attention. A modern data protection law and a more proactive competition regulator is required for Facebook. The NPCI will hopefully also be subjected to the upcoming data protection law. But it also requires a range of design, policy and governance fixes to ensure greater privacy and security via data minimisation and decentralisation; greater accountability and transparency to the public; separation of powers for better governance and open access policies to prevent anti-competitive behaviour.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention

Network Disruptions Report by Global Network Initiative

akriti — 2018-06-12T01:31:40Z

Around 70% of all known shutdowns in the world took place in India in 2017. The same year Telecom Authority of India (TRAI) released the “Temporary Suspension of Internet Services” giving State and Central Government officials the power to terminate Internet services as per the guidelines.

The report by Global Network Initiative can be read here.

However S.144 of the Criminal Procedure Code as well Section 5 of the Telegraph Act are still used as legal grounds. The former targets unlawful assembly while the latter gives authorities the right to prevent transmission of messages, applicable to messages sent over the Internet as well. A case in the Gujarat High Court challenging the validity of using S.144 of the CrPC was dismissed essentially stating the Government could use the section to enforce shutdowns to maintain law and order.

The right to Internet has been accepted as a fundamental right by the United Nations and one which, cannot be disassociated from the exercise of freedom of expression and opinion and the right to peaceful assembly. These are rights guaranteed by the Constitution, affirmed in the Universal Declaration of Human Rights and thus should be provided, both, online and offline. Online movements are unpredictable and dynamic making Governments fearful of their lack of control over content hosting websites. Their fear becomes their de facto perception of online services resulting in network shutdowns regardless of the reality on ground.

Given the rising importance of this issue, Global Network Initiative has published a report on such Network Disruptions by Jan Rydzak . A former Google Policy fellow and now a PhD candidate at the University of Arizona, he, conducts research on the nexus between technology and protest. The report, which uses India as a case study calls for more attention on network disruptions, the 'new form of digital repression' and delves into its impact on human rights. Rydzak aims at widening the gambit of affected rights by discussing the civil and political rights of freedom of assembly, right to equality, religious belief and such. These are ramifications not widely discussed so far and helps shine a light on the collateral damage incurred due to these shutdowns. Through a multitude of interviews with various stakeholders, the author brings to forefront the human rights implications of network disruptions on different groups of individuals such as women, immigrants and certain ethnic groups. These dangers are even more when it comes to vulnerable populations and the report does a comprehensive analysis of all of the above.

For more details visit https://cis-india.org/internet-governance/blog/network-disruptions-report-by-global-network-initiative

Citizens’ Draft Privacy Bill Seeks To Revolutionise Data Collection, Storage In India

Admin — 2018-06-11T02:47:46Z

A draft privacy bill proposes sweeping reforms to the way personal data is collected, processed and stored in India.

The blog post by Arpan Chaturvedi was published in Bloomberg Quint on June 9, 2018. CIS research was quoted.

Titled Indian Privacy Code, 2018, the draft proposes that “all data collected, processed and stored by data controllers and data processors prior to the date on which this Act comes into force shall be destroyed within a period of two years from the date on which this Act comes into force”.

The draft has been put together by a group of lawyers and policy analysts and uploaded on the website of ‘Save our Privacy’ — a public initiative to put forth a model law on data protection. The initiative is backed by the India Privacy Foundation.

No person, including a data controller and data processor, shall collect any personal data without obtaining the consent of the data subject to whom it pertains, the draft bill says. Collection of personal data without consent can happen only when:

It’s necessary for the provision of an emergency medical service.
Prevent, investigate or prosecute a cognizable offence.
Exempted by a privacy commission that the draft seeks to institute

Also, the draft bill proposes that no person shall store any personal data for a period longer than is necessary to achieve the purpose for which it was collected or received. The same applies to the processing of personal data.

The draft bill has been submitted to the Justice Sri Krishna Committee — which will deliberate on a data-protection framework for the country. The committee’s first draft is likely to be submitted this month.

The bill prescribes punishment for offenses related to interception of communication, surveillance, abetment, repeat offenders and offenses by companies.

The bill, according to information on the website, is based on seven principles, foremost of which is the importance of individual rights. The others are:

A data protection law must be based on privacy principles and guidelines discussed in the report of Justice AP Shah Committee of Experts; the Supreme Court judgement on Right to Privacy and European Union’s General Data Protection Regulation.
A strong privacy commission must be created to enforce privacy principles. The commission should be granted wide powers of investigation, adjudication, rule-making and enforcement. The privacy commission must have jurisdiction over the government as well as private bodies.
The government must respect user privacy. The government cannot deny essential services to citizens if they choose not to share data with it. The draft says government withholding services on pretext of collection of information effectively amounts to “extortion of consent”.
A complete privacy code must come with surveillance reform. Even when individual interception and surveillance is carried out this should be severely limited in substance and practiced through procedural safeguards.
Strengthen the Right To Information Act and exempt information commissioners from interference or control by the privacy commissioner
International protection and harmonisation is a must to protect the open internet. The group suggests the law must have extraterritorial effect and apply to web services and platforms which are accessible in India and gather personal data of Indians.

The bill takes inspiration from the Privacy (Protection) Bill, 2013 which was drafted over a series of roundtable discussions and inputs conducted by the Centre for Internet and Society, Bengaluru.

The individuals who were involved in the drafting of the model law are Raman Jit Singh Cheema, Apar Gupta, Gautam Bhatia, Kritika Bhardwaj, Maansi Verma, Naman N Aggarwal, Praavita Kashyap, Prasanna S, Ujjwala Uppaluri, Vrinda Bhandari.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-june-9-2018-draft-bill-seeks-to-revolutionise-data-collection-storage-in-india

Comments on the Draft National Policy on Official Statistics

Gurshabad Grover and Sandeep Kumar — 2018-06-07T02:54:18Z

This submission presents comments by the Centre for Internet & Society, India (“CIS”) on the Draft National Policy on Official Statistics which was released to the public by the Ministry of Statistics and Programme Implementation on 17th May 2018 for comments and views.

Edited by Swaraj Barooah. Download a PDF of the submission here

Preliminary

CIS appreciates the Government’s efforts in realising the importance of the need for high quality statistical information enshrined in the Fundamental Principles of Official Statistics as adopted by the UN General Assembly in January 2014. CIS is grateful for the opportunity to put forth its views on the draft policy. This submission was made on 31st May, 2018.

First, this submission highlights some general defects in the draft policy: there is lack of principles guiding data dissemination policies; there are virtually no positive mandates set for Government bodies for secure storage and transmission of data; and while privacy is mentioned as a concern, it has been overlooked in designing the principles of the implementation of surveys. Then, this submission puts forward specific comments suggesting improvements to various sections in the draft policy.

CIS would also like to point out the short timeline between the publication of the draft policy (18th May, 2018), and the deadline set for the stakeholders to submit their comments (31st May, 2018). Considering that the policy has widespread implications for all Ministries, citizens, and State legislation rights (proposed changes include a Constitutional Amendment), it is necessary that such call-for-comments are publicised widely, and enough time is given to the public so that the Government can receive well-researched comments.

General Comments

Data dissemination

For data dissemination, the draft policy does not stress upon a general principle or set of principles, and often disregards principles specified in the Fundamental Principles of Official Statistics, which are the very principles the Government intends to draw its policies on official statistics from. Rather it relies on context-specific provisions that fail to summarise and articulate a general philosophy for the dissemination of official statistics, and fails to practically embody some stated goals. The first principle on Official Statistics, as realised by the United Nations General Assembly, clearly states that: “[...] official statistics that meet the test of practical utility are to be compiled and made available on an impartial basis by official statistical agencies to honour citizens’ entitlement to public information.”

Let us compare this with Section 5.1.7 (9) of the draft policy, which refers to policies regarding core statistics: it mentions a data “warehouse” to be maintained by the NSO which should be accessible to private and public bodies. While this does point towards an open data policy, such a vision has not been articulated in any part thereof.

The draft policy, at the outset, should have general guiding principles of publishing data openly and freely (once it meets the utility test, and it has been ensured that individual privacy will not be violated by the publishing of such statistics). This should serve well to inform further regulations and related policies governing the use and publishing of statistics, like the Statistical Disclosure Control Report.

A general commitment to a well-articulated policy on data dissemination will ensure easy-to-follow principles for the various Ministries that will refer to the document. The additional principles that come with open data principles should also be described by the policy document: a commitment to publishing data in a machine-readable format, making it available in multiple data formats (.txt, .csv, etc.), and including its metadata.

Data storage and usage

In the absence of a regime for data protection, it is absolutely necessary that a national policy on statistics provide positive mandates for the encryption of all digitally-stored personal and sensitive information collected through surveys. Even though the current draft of the policy mentions the need to protect confidential information, it sets no mandatory requirements on the Government to ensure the security of such information, especially on digital platforms.

Additionally, all transmission of potentially sensitive information should be done with the digital signatures of the employee/Department/Ministry authorising said transmission. This will ensure the integrity and authenticity of the information, and provide with an auditable trail of the information flowing between entities in the various bodies.

Data privacy

It is appreciable that Section 5.7.9 of the draft policy notes, “[a]ll statistical surveys represent a degree of privacy invasion, which is justified by the need for an alternative public good, namely information.” However, all statistical surveys may not be proportionate in their invasiveness, even if they might serve a legitimate public goal in the future.

The draft policy does not address how privacy concerns can be taken into account while designing the survey itself. A necessary outcome of the realisation of the possible privacy violations that may arise due to surveys is that all data collection be “minimally intrusive”, the data be securely stored (see previous comment section, ‘Data storage and usage’), and the surveyed users have control over the data even after they have parted with their information.

Since the policy deals extensively with the implementation of surveys, the following should details should be clearly laid out in the policy:

The extent to which an individual has control over the data they have provided to the surveying agency.
The means of redressal available to an individual who feels that his/her privacy has been violated through the publication of certain statistical information

Specific Comments

Section 5.1: Dichotomising official statistics as core statistics and other official statistics

Comments

The reasons for dichotomising official statistics has not been appropriately substantiated with evidence, considering the wide implications of policy proposals that arise from the definition of “core statistics.”

Firstly, the descriptions of what constitutes “core statistics” casts too wide a net by only having a single vague qualitative criterion, i.e. “national importance.” All the other characteristics of the “core statistics” are either recommendations or requirements as to how the data will be handled and thus, pose no filter to what can constitute “core statistics.” The wide net is apparent in the fact that even the initially-proposed list of “core statistics”, given in Annex-II of the policy, has 120 categories of statistics.

Secondly, the policy does not provide reasons for why the characteristics of “core statistics”, highlighted in Section 5.1.5, should not apply to all official statistics at the various levels of Government. Therefore, the utility of the proposed dichotomy has also not been appropriately substantiated with illustrative examples of how “core statistics” should be considered qualitatively different from all official statistics.

This definition may lead to widespread disagreement between the States and the Centre, because Section 5.2 proposes that “core statistics” be added to the Union List of the Seventh Schedule of the Constitution. How the proposal may affect Centre-State responsibilities and relations pertaining to the collection and dissemination of statistics is elaborated in the next section.

Recommendations

The policy should not make a forced dichotomy between “core” and (ipso facto) non-core statistics. If a distinction is to be made for any reason(s) (such as for the purposes of delineating administrative roles) then such reason must be clearly defined, along with a clear explanation for why such a dichotomy would alleviate the described problem. The definitions should have tangible and unambiguous qualitative criteria.

Section 5.2: Constitutional amendment in respect of core statistics

Comments

The main proposal in the section is that the Seventh Schedule of the Constitution be amended to include “core statistics” in the Union List. This would give the Parliament the legislative competence to regulate the collection, storage, publication and sharing of such statistics, and the Central Government the power to enforce such legislation. Annex-II provides a tentative list of what would constitute “core statistics”; as is apparent, this list is wide-ranging and consists over 120 items which span the gamut of administrative responsibilities.

The list includes items such as “Landholdings Number, area, tenancy, land utilisation [...]” (S. No. 21), and “Statistics on land records” (S. No. 111) while most responsibilities of land regulation currently lie with the States. Similarly, items in Annex-II venture into statistics related to petroleum, water, agriculture, electricity, and industry; some of which are in the Concurrent or State List.

Statistics are metadata. There is no reason for why the administration of a particular subject lie with the State, and the regulation of data about such subject should lie with solely with the Central Government. It is important to recognise that adding the vaguely defined “core statistics” to the Union List, while enabling the Central Government to execute and plan such statistical exercises, will also prevent the States from enacting any legislation that regulates the management of statistics regarding its own administrative responsibilities.

The regulation of State Government records in general has been a contentious issue, and its place in our federal structure has been debated several times in the Parliament: the enactment of Public Records Act, 1993; the Right to Information Act, 2005; and the Collection of Statistics Act, 2008 are predicated on an assumption of such competence lying with the Parliament. However, it is equally important to recognise the role States have played in advancing transparency of Government records. For example, State-level Acts analogous to the Right to Information Act existed in Tamil Nadu and Karnataka before the Central Government enactment.

Recommendations

We strongly recommend that “statistics” be included in the Concurrent List, so that States are free to enact progressive legislation which advances transparency and accountability, and is not in derogation of Parliamentary legislation.

The Ministry should view this statistical policy document as a venue to set the minimum standards for the collection, handling and publication of statistics regarding its various functions. If the item is added to the Concurrent List, the States, through local legislation, will only have the power to improve on the Central standards since in a case of conflict, State-levels laws will be superseded by Parliamentary ones.

Section 5.3: Mechanism for regulating core statistics including auditing

Comments

The draft policy in Section 5.3.2 says, “[...] The Committee will be assisted by a Search Committee headed by the Vice-Chairperson of the NITI Aayog, in which a few technical experts could be included as Members.” The non-commital nature of the word ‘could’ in this statement detracts from the importance of having technical experts on this committee, by making their inclusion optional. The policy also does not specify who has the power to include technical experts as Members in the Search Committee. The statement should include either a minimum number of a specific number or members, and not use the non-committal word “could”

The National Statistical Development Council, as mentioned in 5.3.9, is supposed to “handle Centre-State relations in the areas of official statistics, the Council should be represented by Chief Ministers of six States to be nominated by the Centre” (Section 5.3.10). The draft does not elaborate on the rationale behind including just six states in the Council. It does not recommend any mechanism on the basis of which Centre will nominate states in the council.

Recommendations

The policy should recommend a minimum number of technical experts who must be included in the search committee, along with a clear process for how such members are to be appointed.

Additionally, the policy appropriately recognises the great diversity in India and the unique challenges faced by each State. Thus, each State has its unique requirements. Since in Section 5.3.11, the policy recommends that council meet at a low frequency of at least once in a year, all States should be represented in the Council.

Section 5.4: Official Machinery to implement directions on core statistics

Comments

The functions of Statistics Wing in the MOSPI, laid out in Section 5.4.7, include advisory functions which overlap with functions of National Statistical Commission (NSC) mentioned in Section 5.3.5. Some regulatory functions of Statistics Wing, like “conducting quality checks and auditing of statistical surveys/data sets”, overlap with the regulatory functions of NSC mentioned in Section 5.3.7.

In section 5.3.1, the draft policy explicitly mentions that “what is feasible and desirable is that production of official statistics should continue with the Government, whereas the related regulatory and advisory functions could be kept outside the Government”. But Statistics Wing is a part of the government and it also has regulatory and advisory functions. It will adversely affect the power of NSC as an autonomous body.

There are inconsistencies in the draft-policy regarding the importance and need of a decentralized statistical system. In section 3 [Objectives], it has been emphasized that the Indian Statistical System shall function within decentralized structure of the system. But, in section 5.4.15, the draft says that decentralized statistical system poses a variety of problems, and advocates for a unified statistical system. Again, in section 5.15, draft emphasizes the development of sub-national statistical systems. These views are inconsistent and create confusion regarding the nature of statistical system that policy wants to pursue.

Recommendations

The functions of the NSC should be kept in its exclusive domain. Any such overlapping functions should be allocated to one agency taking into consideration the Fundamental Principles on Official Statistics.

The inconsistencies regarding the decentralisation philosophy of the statistical system should be addressed.

Section 5.5: Identifying statistical products required through committees

Comments

While Section 5.5.2 recognises data confidentiality as a goal for statistical coordination, it does not take into account the violation of privacy that might occur due to the sharing of data. For example, a certain individual might agree to share personal information with a particular Ministry, but have apprehensions about it being shared with other Ministries or private parties.

Recommendations

We recommend that point 4 in Section 5.5.2 be read as, “enabling sharing of data without compromising the privacy of individuals and the confidentiality/security of data.”The value of of the individual privacy stems from both the recent Supreme Court judgment that affirmed privacy as a Fundamental Right, and also Principle 6 of the of the Fundamental Principles of Official Statistics. Realising privacy as a goal in this section will add a realm of individual control that is already articulated in Section 5.7.9.

Annex-VII: Guidelines on Outsourcing statistical activities

Comments

Section 6 defines “sensitive information” in an all-inclusive manner and does not leave space for further inclusion of any information that may be interpreted as sensitive. For example, biometric data has not been listed as “sensitive information”.

Section 9.1, draft says, “[t]he identity of the Government agency and the Contractor may be made available to informants at the time of collection of data”. It is imperative that informants have the right to verify the identity of the Government agency and the Contractor before parting with their personal information.

Recommendations

The definition of “sensitive information” should be broad-based with scope for further inclusion of any kind of data that may be deemed “sensitive.”

Section 9.1 must mandate that the identity of the Government agency and the Contractor be made available to informants at the time of collection of data.

Section 9.6 can be redrafted to state that each informant must be informed of the manner in which the informant could access the data collected from the informant in a statistical project, as also of the measures taken to deny access on that information to others, except in the cases specified by the policy.

Section 10.2 can be improved to state that if information exists in a physical form that makes the removal of the identity of informants impracticable (e.g. on paper), the information should be recorded in another medium and the original records must be destroyed.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-draft-national-policy-on-official-statistics

Comments on Draft National Policy on Official Statistics

Gurshabad Grover — 2018-06-07T01:58:22Z

For more details visit https://cis-india.org/internet-governance/files/comments-on-draft-national-policy-on-official-statistics